<<View the PDF>>  

Impeded View

A Critical Guide for Enterprise Deployment of Windows Vista

White Paper by Binary Research International Inc.

Vista Unveiled

Beautiful and fun. That's how PC World magazine¹ described Windows Vista - or more specifically, the Aero user interface - shortly after the launch of the new Microsoft operating system. For what it's worth, we'll add our voice to the Vista celeb­rat­ion: Aero is not only cool, it's whiz-bang cool. But nor beauty nor fun nor even whiz-bang cool win hearts and minds of CIOs, VPs of operations, and IT directors - the men and women who make enterprise IT procurement decisions.

Among such decisions, whether, when, and how to upgrade an operating system are three of the most critical. Indeed, as e-business becomes more like business-as-usual, even in traditionally low-tech industries, an operating system upgrade is akin to chang­ing an engine in flight. In other words, not something you'd want to do without a very good reason.

Foreboding aside, Vista does present some good - if not very good - reasons for upgrade. Higher productivity is one. Vista's new integrated search utility speeds discovery of hard-to-find content buried within Office documents, emails, web sites, and elsewhere. It also stores search queries for easy re-use and lets users preview items before opening them. This utility alone might shave minutes off information access tasks per user per day, releasing a cumulative hour or more of product­ivity each week. Vista also sports ReadyBoost, a technology that uses USB 2.0 flash memory to augment the slower hard drive, thereby making PCs more respons­ive. Meanwhile, Vista's ability to self-heal - for example, resolving printer driver, connect­ivity, and other problems autonomously - will lessen demands on an enterprise's IT help desk.

Improved security is another reason to give Vista more than a passing glance. Its hard­ened firewall guards against outbound as well as inbound attacks. This enhance­ment may eliminate the need for some organizations to maintain a third-party fire­wall, saving as much as $25 per desktop per month in consequence. Add to that Windows Defender, Vista's integrated anti-spyware software, which might save another $10 per month or $36,000 per year for a 300-user Vista license. Network access protect­ion lends further fortification by allowing administrators to set conditions for PCs to connect to the network. Windows BitLocker - Vista's new hard drive encrypt­ion tech­nology - downgrades a lost or stolen laptop with sensitive data from a code-red crisis to a minor inconvenience.

Other Vista advances include superior networking capabilities, improved power manage­ment, and new application programming interfaces (APIs) for developers. Superior networking benefits users with simplified connectivity to multiple wireless networks. Administrators benefit too with new features such as a network mapping utility that can locate every device on the network. Improved power management alleviates a perennial frustration of Windows XP users and promises to cut power consump­tion by some $50 per desktop per year. Developers, meanwhile, will enjoy the Windows Workflow Foundation for building workflow-enabled applications, one of Vista's many new API technologies.

But acclaim for Vista is neither unqualified nor universal. And whereas some criticisms have been misdirected (the early lack of drivers for certain components and periph­erals was a failure of third parties, not Microsoft), others bear closer scrutiny. In part­icular are claims that the new Microsoft Solution Accelerator for Business Desk­top Deploy­ment 2007 (BDD 2007) empowers IT departments to deploy Vista with unprecedented ease.

Undoubtedly, Vista's many innovations will induce adoption among the greater number of enterprises during the next 12-24 months. To this end, the technical challenges of deployment are a primary concern. This white paper assesses both the BDD toolset as well as complem­ent­ary third-party tools that support Vista deployment. Remember, replacing an operating system is like changing an engine in flight. Do it wrong and you might lose more than a little altitude.

Under the Hood

From a user's perspective, Vista's most distinguishing feature is the Aero interface². However, differences between Vista and its predecessors are more than skin deep. The code base is completely new, and some 90% of the new technology resides under the hood.

Componentization

At the root of all this innovation is a more flexible, modular, component-based design. Componentization means that variants of Vista - for example, a U.S. English version of Business edition, a U.S. English version of Enterprise edition, and a Portuguese version of Enterprise edition - all comprise a common code base together with additional modules particular to each variant. The code base is language neutral - that is, free of any language-specific code.

Componentization is a radical departure from previous Windows operating systems. The Japanese and French versions of XP Professional, for instance, aren't built on a common base with additional Japanese and French language packs. They exist instead as separate monolithic code. Before Vista, companies with global operations faced a Hobson's choice: either deploy entirely separate versions in their overseas facilities or, alternatively, manage with an English Multilanguage User Interface version - an even larger monolith that is English at its core but combines support for a limited selection of other languages.

Windows Imaging Format

A second pillar of Vista is WIM, Microsoft's new file-based Windows imaging format. Each DVD that includes Vista has at least two WIM files: the Vista operating system (install.wim) and the Windows Preinstallation Environment (winpe.wim), which is a reduced memory-only version of Vista for supporting installation of the full version on bare-metal machines.

The WIM format, together with Vista's component-based design and language neutral­ity, greatly simplifies maintenance of Vista images. Unlike a security update to an XP machine, whose service packs and patches must conform to the operating system's edition and language specifics, updates to Vista can apply the same service pack and patch regardless of edition or language. Further, since Vista's modular design treats drivers as removable components, Vista images are now editable offline using the PNPUTIL tool. This allows IT professionals to add and delete drivers and make other changes to the configuration without having to rebuild the image on a live reference machine - a process that would formerly have taken several hours.

Also important, WIM's file-based format enables non-destructive deployment. This means an administrator can apply an image to a hard-drive volume without erasing the data within the drive partition. And the WIM-formatted images can install on partitions of equal size to the data contained in the WIM file - unlike sector-based images, which require the destination drive to have a partition that is at least as large as the source drive.

Hardware Independence

Previous Windows operating systems such as XP and NT have booted from an initializ­ation file that is part of the operating system. Vista, in contrast, starts itself via the Windows Boot Manager, a component of a separate boot environment that loads prior to the operating system. This separation - together with component-based language neutrality and the file-based WIM format - makes Vista images independent of the hardware abstraction layer (HAL).

Although no panacea, hardware independence helps reduce the number of images an enterprise must create, store, and manage in a heterogeneous IT environment. After preparing a reference computer using the Sysprep tool, and presuming the resultant image contains all necessary drivers for deployment, a single Vista image will now deploy on virtually any machine.³

BDD and WAIK

Faced with the need to facilitate increasingly large-scale deployments, both for its own internal use and for large enterprise customers, Microsoft developed the Solution Accelerator for Business Desktop Deployment 2007. BDD 2007, which is freely available with Vista, complements the updated Windows Automated Installation Kit (WAIK), designed to help original equipment manufacturers (OEMs), system builders, and corporate IT professionals deploy Windows on new hardware. BDD 2007 provides a further multitude of tools, best practices, guidance, and scripting techniques for the optimal deployment of both Vista and application software.

Table 1 - Principal BDD and WAIK Deployment Tools

The BDD Workbench is the centerpiece of BDD. Comprising the ImageX, System Image Manager, Windows PE 2.0, and Windows Deployment Services tools (see Table 1), Workbench enables IT professionals to build and manage images for multiple operating system configurations and deploy those images to enterprise clients. BDD 2007 also alleviates much of the scripting requirements of previous BDD versions by incorp­orat­ing a stand-alone task sequencer for unattended installations. Specifically, BDD 2007 helps enterprises:

• Create deployment and planning teams whose staff have the right skill sets.
• Create a software and hardware inventory for deployment planning.
• Test applications for compatibility with Windows Vista and mitigate any issues.
• Implement the new volume activation process in Windows Vista.
• Develop a migration strategy for user, application, and data transfer.
• Set up a test environment using deployment and imaging servers.
• Design a strategy to package core and supplemental applications alongside Vista.
• Automate processes for desktop image creation and deployment.
• Increase the security of the PC environment.
• Develop options for remote deployments to branch offices and mobile users.

Box - Vista Deployment Scenarios

BDD 2007 supports four Vista deployment scenarios:

Paradise Postponed

Vista's modular design, language neutrality, file-based WIM format, hardware-independent imaging, and extended suite of deployment tools go some way toward meeting the deployment needs of IT professionals. But these advances notwithstand­ing, deployment of Vista remains a sizable undertaking.

Several considerations still stand between reality and deployment paradise, not least of which is the complexity of Microsoft's deployment tools. Microsoft acknow­ledges this challenge, noting "no substitute for trial and error"⁴ and admonishing organiz­ations "to consider investing in learning opportunities for these new tools"⁵. Independ­ent research organizations sound a similarly cautionary note. For example, a recently published white paper from Framingham, Massachusetts-based IDC warns that "migration to Windows Vista requires significant premigration planning."⁶

Binary Research concurs. Our own IT professionals, some of whom have more than 20 years experience, cite the need for both breadth and depth of expertise to effectively use even one of the Vista deployment tools. Use of Windows Deployment Services, for instance, requires knowledge of multiple technologies including DHCP, TCP/IP, switch­ing and layering, scripting, PXE, XML, and others. Moreover, use of the entire BDD tool set entails six different user interfaces. And a lack of integration between the various interfaces means users must boot piecemeal to complete a deployment.

Microsoft's deployment best practices - identified in the tool set's supporting document­ation - illustrate sample environments. Real-world deployments, however, are much more difficult. Indeed, smaller and mid-size enterprises are unlikely to possess the necessary resources and expertise, and even large enterprises may need assistance from the systems integrators and consultants who are now positioning themselves to render such assistance.⁷

Several other aspects of the free Vista tool set may also disappoint IT professionals. One is the lack of a zero-touch deployment option.⁸ The closest approximation hereto is so-called lite touch, a semi-automated process for unattended Vista installation. A prerequisite for lite touch is a client PC capable of booting from a remote Windows Deployment Server via a network adapter. Yet the necessary PXE technology is not usually enabled by default in the BIOS of most client machines, thereby adding labor to the deployment. Furthermore, even when the lite-touch process exploits maximal use of XML unattend answer files, an IT professional must still initiate and supervise the installation at each client machine.

The Vista tool set's lack of support for multicasting is another concern. Use of size-reduction techniques such as compression and single instancing notwithstanding, a typical Windows Vista Image is still some 3 GB. That's a considerable amount of data to disseminate across a network, especially given the need to transfer the image individually to each machine.

To this end, Microsoft's BITS (background intelligent transfer service) technology helps a little by managing asynchronous file transfer. In particular, BITS preserves the responsiveness of other network applications and automatically resumes transfers after network disconnects and computer restarts.

BITS is likely to be most useful for enterprises that want to deploy thin images - that is, deploy a minimal standard operating environment to every PC and then roll out additional layers (so-called builds) as collections of applications, language packs, and updates according to the needs of the enterprise. BITS can also support hybrid images, which combine multiple builds in a single image file together. Use of hybrid images together with scripting technology and Vista's System Image Manager tool enables deployment of builds according to defined logic.

However, BITS is no substitute for multicasting. In the absence of a third-party multi­casting solution, network-based Vista deployments will have to be after hours and via more complex VLAN or managed-switch networks to minimize impact to normal traffic. Alternatively, small enterprises may want avoid the network entirely by deploy­ing a conventional thick (that is, all-inclusive) image via local media. To this end, today's extended-capacity dual-layer and double-sided DVDs and USB flash drives may be viable options.

Eventually, paravirtualizing device drivers will replace a machine's hardware-specific drivers, eliminating any driver incompatibility problems. In the meantime, such problems undermine Vista's hardware independence. For example, the Vista driver set may not recognize certain network adapters, IDE controllers, video cards, and sound cards on PCs procured before mid-2006. If a deficiency is known before deploy­ment, an IT professional can use the PNPUTIL - a new Vista tool - to add that driver to the Windows Vista driver store. Otherwise, IT professionals will have to find and install necessary drivers post-deployment. Incompatibilities may also arise for newer devices.

Finally, Vista's increased hardware requirements may pose additional challenges, inducing many enterprises to postpone Vista deployment until the business case for new hardware is compelling. For Premium Ready performance, which every Vista user will demand, the client PC must have at least a 1 GHz processor, 1 GB of system memory, 128 MB of graphics memory, a 40 GB hard drive (with 15 GB of free space), and a DVD-ROM drive. Furthermore, even in situations where a client PC exceeds these requirements, hardware replacement may still prove more cost-effective than an in-place upgrade or refresh, which is more likely to retain any problems inherent in the existing system.

Desperately Seeking Solutions: Third-Party Tools for Vista Deployment

In just the past ten years, IT organizations have faced multiple calls to deploy new Windows operating systems, from Windows NT to Windows 98 to Windows 2000 to XP and now Vista. During this time, several independent software vendors have developed solutions for operating system deployment and user migration from one system to another.

Dominant among such vendors today is Symantec Corporation⁹, which in 1999 acquired from Binary Research Ltd. the technology for the industry-leading Ghost solution. Introduced by Binary Research in 1996, the original version of Ghost was exclusively a disk imaging tool. Today's Ghost Solution Suite 2.0, in contrast, is an integrated suite of utilities for predeployment planning, centralized and remote provisioning, user migration, data back up, asset management, and operational continuity. It's a cradle-to-grave concept for managing PCs from initial deployment to maintenance to recovery and disposal.

IT professionals in enterprises large and small will continue to depend on Ghost and other third-party tools for mission-critical tasks like Vista deployment. In some cases, these tools will complement Microsoft's free tools. In other cases, IT departments will by-pass the Vista tool set entirely, favoring instead more powerful and more user-friendly third-party solutions. Ghost Solution Suite 2.0, for example - which was primarily designed for Vista deployment - provides a single management console for all migration tasks. Users of BDD 2007, meanwhile, must negotiate four different consoles and two command-line tools to perform a comparable migration.

Ghost addresses another deficiency in the Vista tool set through multicasting. Adopt­ion of this load-minimizing strategy, by which routers and switches send data over each link of the network just once, allows IT professionals to rapidly deploy systems across the enter­prise with no discernible impact on network users.

Third-party tools provide still other advantages over Microsoft's freeware: Ghost can manage mixed environments of Windows, Unix, and Linux platforms, whereas the Microsoft tools are for Windows only. Integration of Ghost with Symantec's data and system back-up capability protects data during migrations. Ongoing hardware and software inventory scans post-deployment allow IT professionals to quickly identify and neutralize threats to enterprise security, introduced perhaps quite unintentionally by users. And Ghost can provide secure PC retirement, completely erasing the last traces of corporate data from a computer's hard drive to the 5220-22-M military specification of the U.S. Department of Defense.

Further, with ten years of industry leadership, Ghost has been battle-tested in enter­prises worldwide. Numerous documented case studies¹⁰ attest to the productivity increases, return on investment, and cost savings for IT departments that have adopt­ed this industry standard. No wonder Symantec now commands a market share of some 90% for imaging and deployment software.

Ghost and other PC management solutions simplify deployment and migration to a single step of porting a previously created image to the user's PC. In ideal circum­stances, the process may be complete in ten minutes or less. However, an image of one PC may not readily port to a different machine because of driver incompatibilities between the two hardware platforms. An image of a Dell desktop, for example, won't port to the IBM ThinkPad in the office next door. It might not even port to another Dell if the processors or model numbers differ.

Given that most enterprises of any size support disparate PCs, this limitation creates a sizable problem for IT managers. Even slight differences between PCs have required them to maintain a unique image for each PC configuration. Indeed, mainten­ance of two or three dozen images is not at all unusual. With so many images to manage, imaging responsibility quickly devolves to multiple personnel, and inconsist­encies in compliance to security policies, licensing, and regulatory requirements are inevitable.

As a workaround, an IT professional can use Microsoft's Sysprep utility to prepare a reference computer for imaging. Sysprep generalizes elements of the operating system that are unique to the reference computer - for example, the computer's name, security identifier, and driver cache - so that the image will deploy successfully on another PC. Once generalized, the image should deploy without any conflicts.

Fortunately, the Universal Imaging Utility (UIU), another third-party tool, conveniently solves the dual problems of image portability and multiple image management. Better yet, it does so without asking IT professionals to do battle with Sysprep. Developed by Big Bang LLC and distributed by Binary Research, the UIU allows IT professionals to deploy a single Vista image, created using any imaging solution, on any hardware platform regardless of make, model, processor, or configuration. It works by preparing the reference PC prior to executing imaging software, including installation of an extensive driver database. An image of this reference PC will then deploy on virtually any PC. The image is universal.

Key to this advance is the UIU driver database, which contains drivers for more than 35,000 hardware components from systems integrators and OEMs like Hewlett-Packard, Sony, Intel, NVIDIA, and 3Com. Yet despite the need to accommodate such a comprehensive set of drivers, the database is small enough to fit on a single DVD. More­over, the UIU continuously updates its driver stock, minimizing the chance that an image will ever lack the requisite drivers for a destination PC.

Vista Deployment in Perspective

Employees and the IT professionals who support them will ultimately decide for them­selves whether Vista was worth its five years in development. Doubtless, some will be beguiled by the new user interface. Others will enjoy the productivity benefits of its enhanced search capabilities and ReadyBoost technology. IT professionals, meanwhile, may appreciate the modular design, language neutrality, file-based imaging format, and extensive tool set.

Sentiment notwithstanding, one thing is certain: If it hasn't arrived already, Vista is coming to a PC near you. In today's IT-driven business environment, enterprises don't have the option of sitting out the release of a new Windows operating system while competitors, application service providers, and independent software vendors gear up to exploit the system's features and capabilities.

Indeed, your enterprise might have begun premigration planning with activities such as hardware assessment, cost estimation for any necessary hardware replace­ment, and application compatibility evaluation. You might even have completed a Vista rollout, including system build, deployment and user-state migration.

At whichever stage in the process, enterprises now have a broader choice of support tools than ever before. For this reason, IT professionals need to carefully consider whether Microsoft's free Vista tools better meet their needs than tried-and-tested third-party solutions.

The choice of tools is dictated, of course, by consideration of resources - knowledge, capital, time, and technology. For example, Does your enterprise have the in-house expert­ise to implement the BDD 2007 tool set? How much time and capital will you need to invest to acquire that expertise? Is unicast deployment across your network viable? What are the cost-benefits of a third-party multicasting solution? Are the enter­prise's PC and servers predominantly homogeneous? Will a heterogeneous environ­ment pose problems in terms of image management and hardware depend­encies? Post-deployment, how can the IT department most efficiently maintain and secure the enterprise's IT assets?

We are Binary Research International, and we are experts in Vista deployment. We hope the foregoing helps stimulate you to achieve an exemplary Vista upgrade. In the meantime, read on to learn more about our heritage as well as our deployment products, training, and support services.

About Binary Research International

Binary Research International has been at the forefront of the imaging and deployment industry since its inception. We trace our origins to the 1991 founding of our pre­decessor, Binary Research Ltd, the New Zealand-based pioneer in file-transfer tech­nology that introduced Ghost, the original imaging product, in 1996. Ghost was subsequent­ly acquired by Symantec Corporation, the global leader in maintaining critical IT infrastructure.

Today Binary Research International provides sales, training, and support for Ghost as well as for Big Bang's Universal Imaging Utility and Sprite Software's back-up and imaging products. We also offer consulting services to Ghost users, including project planning, network assessment, deployment, and troubleshooting. Our clients include AOL, Booz-Allen, AT&T Wireless, British Telecom, U.S. Federal Reserve Bank, Oxford University, Harvard University, NATO, Fujitsu, DreamWorks, Rockwell Automation, U.S. Department of Justice, Coca Cola Beverages, Procter & Gamble, Siemens, Xerox, U.S. Library of Congress, DuPont, and the U.S. Air Force.

Binary Research International is headquartered in Glendale, Wisconsin. We operate in Europe through our subsidiary, Binary Resource (UK) Ltd. To learn more about our expertise in imaging in general and Vista deployment in particular, contact:

Binary Research International Inc.

5215 N Ironwood Rd, Suite 200
Glendale, WI 53217
United States

USA Toll Free: 1-888-446-7898

USA Phone: 414-961-7077

USA Fax: 414-961-1716

info@binaryresearch.net

www.binaryresearch.net

Binary Resource (UK) Ltd.

Lombard House
12-17 Upper Bridge Street
Canterbury, Kent CT1 2NF
United Kingdom

UK Toll Free: 0800 404 9282 (UK Only)

UK Toll Free Fax: 0800 404 9286 (UK Only)

International Phone: +33 321.86.76.17

International Fax: +33 321.86.76.68

info@binaryresource.com

www.binaryresource.com

[1]  Preston Gralla. Everything You Need to Know about Windows Vista. PC World. January 2007. 25(1) p 86

[2] The Aero interface is available in all but Home Basic of Vista's five editions: Home Basic, Home Premium, Ultimate, Business, and Enterprise. This paper addresses the Business and Enterprise editions, which are the likely choices for small/mid-size businesses and larger enterprises, respectively.

[3]  Two distinct images are still necessary for 32-bit and 64-bit architectures. Also see Paradise Postponed below for a discussion of other limitations of Vista's hardware-independent imaging.

[4]  Nelson Ruest, Danielle Ruest. Migrating to Windows Vista through the User State Migration Tool. Microsoft. March 3, 2006; http://technet.microsoft.com/en-us/windowsvista/aa905115.aspx

[5]  Ibid.

[6]  Frederick W. Broussard. Best Practices for Windows Vista Planning, Migration, and Ongoing Management. IDC White Paper. June 2007.

[7]  Deploying Windows Vista to the Desktop. White Paper. Dell, Inc. January 2007

[8]  To effect zero-touch deployment of Vista without third-party tools, enterprises would need to procure Microsoft's Systems Management Server (SMS) product, now released as Configuration Manager 2007.

[9]  Symantec is likely to strengthen its position with its recent acquisition of Altiris, a former competitor with complementary virtualization and service-desk products and established relationships with large enterprises. But other vendors - Acronis, Novell, LANDesk, IBM, and others - also compete in the PC lifecycle management segment.

[10] For example, see the following case studies: Pyrotek [www.symantec.com/enterprise/solutions/
successes/detail.jsp?csid=pyrotek_inc]; American Portwell Technology. [www.symantec.com/
enterprise/solutions/successes/detail.jsp?csid=american_portwell_technology_inc'; and Joliet Public School District 86 [www.symantec.com/enterprise/solutions/successes/detail.jsp?csid=joliet_public_
schools_district_86]